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Final Office Action Dated: November 21, 2008 

Remarks/Arguments 

The Office Action mailed November 21, 2008 has been reviewed and carefully 
considered. No new matter has been added. Claims 1, 6, 7, and 16 have been amended. 
Claims 3-5, 10-15, and 17 have been cancelled without prejudice. New Claims 20-35 
have been added. Claims 1, 6-9, 16, and 18-35 are pending in this application. 
Reconsideration of the above-identified application, in view of the above amendments and 
the following remarks, is respectfully requested. 

Claims 1, 3-4 and 6-15 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over U.S. Patent Publication No. 2002/0133586 0133586 to Shanklin et al. 
(hereinafter "Shanklin") in view of ZoneAlarm publication by Ash Nallawalla 
(hereinafter "ZoneAlarm"). Claims 16 and 19 stand rejected under 35 U.S.C. §103(a) as 
being unpatentable over Shanklin in view of ZoneAlarm and in view of U.S. Patent No. 
6,185,624B1 to Fijolek et al. (hereinafter "Fijolek"). Claims 17 and 18 stand rejected 
under 35 U.S.C. § 103(a) as being unpatentable over Shanklin, ZoneAlarm, and Fijolek as 
applied to Claim 16, and further in view of United States Patent Publication No. 
2002/0080784 to Krumel (hereinafter "Krumel"). 

The pending independent claims in the case are Claims 1, 7, and 16. 

Initially, it is respectfully asserted that the rejection of Claim 7 is deficient on its 
face. In particular, the Examiner has relied upon the rejection of Claim 1, including the 
corresponding citations and reasoning used to reject Claim 1, in order to reject Claim 7, 
despite different limitations recited in Claim 7 with respect to Claim 1 . Hence, the 
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Examiner has failed to equate every limitation of Claim 7 to a corresponding portion of a 
reference. 

"To establish prima facie obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art" (MPEP §2143.03, citing In re 
Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 1974)). "If an independent claim is 
nonobvious under 35 U.S.C. 103, then any claim depending therefrom is nonobvious" 
(MPEP §2143.03, citing In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)). 

Hence, the rejection of Claim 7 is deficient on its face, and should be withdrawn 
on this basis alone. 

Regarding Claims 1, 7, and 16, it is respectfully asserted that none of the cited 
references, either taken singly or in any combination, teach or suggest the following 
limitations recited in each of Claims 1, 7, and 16: "wherein the rules in the set are 
prioritized such that each of the plurality of classes represents a respective different one 
of a plurality of priority levels". 

In contrast, as admitted by the Examiner on page 4 of the Office Action, 
ZoneAlert simply discloses that "certain classes can have higher levels of protection". 
However, ranking rules for identifying packets associating with inappropriate activity as 
essentially recited in Claims 1, 7, and 16 does not correspond to affording certain classes 
higher levels of protection as disclosed by ZoneAlert. For example, the rules recited in 
Claims 1, 7, and 16, are for identifying the inappropriate activity in the first place, while 
the protections disclosed in ZoneAlert are for correcting (or blocking) such inappropriate 
activity after it has been detected. None of the remaining references cure the deficiencies 
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of ZoneAlert, and are silent with respect to the above recited limitations of Claims 1, 17, 
and 16. For example, as admitted by the Examiner at page 3 of the Office ACTION: 

Shanklin is silent is [sic-in] expressly teaching separating those sets of 
rules into a plurality of classes and an indicator device for providing a 
plurality of user discernable indicators, wherein each of the plurality of 
user discernable indicators is associated with a different one of the 
plurality of classes, and wherein a respective one of said plurality of user 
discernable indicators is triggered if one or more of said plurality of rules 
corresponding to one of said plurality of classes associated with the 
respective one of said plurality of user discernable indicators is violated. 

Fijolek and Krumel also fail to teach or suggest the above-recited limitations of 
Claims 1, 7, and 16, and hence do not cure the deficiencies of Shanklin and/or ZoneAlert. 
Fijolek relates to a management system for a cable modem on a data-over-cable system 
(col. 1, lines 6-8). It appears that the Examiner cited Fijolek to show a cable modem 
being used as a mid-switching device. However, Fijolek teaches little, if anything with 
respect to user discernable indicators or alerts, let alone "wherein the rules in the set are 
prioritized such that each of the plurality of classes represents a respective different one 
of a plurality of priority levels" as recited in Claims 1, 7, and 16. Therefore, Fijolek, like 
Shanklin and ZoneAlert, fails to teach the above recited limitations found in Claims 1,7, 
and 16. 
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Krumel relates to PLD-based communication protocols for transmitting, receiving 
and configuring data across networks ([0001]). With respect to alerts, Krumel teaches 
sending an alert in response to an attack on the data protection system ([0116]). The 
reference teaches that a single multi-colored LED can be used as such alert ([0116]). 
However, Krumel does not teach or suggest anything with respect to separating rules into 
classes or assigning separate indicators to each class of rules and triggering the specific 
indicator associated with a class upon a determination that a rule within the class has 
been violated, let alone "wherein the rules in the set are prioritized such that each of the 
plurality of classes represents a respective different one of a plurality of priority levels" 
as recited in Claims 1, 7, and 16. Therefore, Krumel, like Shanklin, ZoneAlert, and 
Fijolek, fails to teach the above recited limitations found in Claims 1, 7, and 16. 

Thus, none of the cited references, either taken singly or in any combination, 
teach or suggest all the above recited limitations of Claims 1, 7, and 16. 

"To establish prima facie obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art" (MPEP §2143.03, citing In re 
Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 1974)). 

Thus, Claims 1, 7, and 16 are patentable distinct and non-obvious over the cited 
references for at least the reasons set forth above. 

Moreover, "[i]f an independent claim is nonobvious under 35 U.S.C. 103, then 
any claim depending therefrom is nonobvious" (MPEP §2143.03, citing In re Fine, 837 
F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)). 
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Claim 6 directly depends from Claim 1, and thus include all the limitations of 
Claim 1. Claims 8 and 9 directly depend from Claim 7, and thus include all the 
limitations of Claim 7. Claims 18 and 19 directly depend from Claim 16, and thus 
include all the limitations of Claim 16. Accordingly, Claims 6, 8, 9, 18, and 19 are 
patentably distinct and non-obvious over the cited reference for at least the reasons set 
forth above with respect to Claims 1, 7, and 16, respectively. 

Thus, reconsideration of the above rejections is respectfully requested. 

Moreover, as noted above, new Claims 20-35 have been added. Support for 
Claims 20-22 maybe found at least at page 12, lines 19-22 of the Applicants' 
specification. Support for Claims 23-34 may be found at least at page 10, lines 20-31, 
page 11, lines 3-11, and page 12, lines 7-35, and original Claims 8-9. Support for Claim 
35 may be found at least at page 10, lines 20-31, and page 12, lines 7-16. 

Claims 20, 23-26, and 35 directly or indirectly depend from Claim 1 or a claim 
which itself is dependent from Claim 1 and, thus, include all the limitations of Claim 1. 
Claims 21 and 27-30 directly or indirectly depend from Claim 7 or a claim which itself is 
dependent from Claim 7 and, thus, include all the limitations of Claim 7. Claims 22 and 
31-34 directly or indirectly depend from Claim 16 or a claim which itself is dependent 
from Claim 16 and, thus, include all the limitations of Claim 16. Accordingly, Claims 
20, 23-26, and 35 are patentably distinct and non-obvious over the cited reference for at 
least the reasons set forth above with respect to Claim 1, Claims 21 and 27-30 are 
patentably distinct and non-obvious over the cited reference for at least the reasons set 
forth above with respect to Claim 7, and Claims 22 and 31-34 are patentably distinct and 
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non-obvious over the cited reference for at least the reasons set forth above with respect 
to Claim 16. 

Moreover, said new claims include patentable subject matter in and of themselves 
and are, thus, patentable distinct and non-obvious over the cited references in their own 
right. For example, it is respectfully asserted that none of the cited references, either 
taken singly or in any combination, teach or suggest the following limitations recited in 
new Claim 20: 

wherein the firewall filters any of the packets that violate the one or more 
rules irrespective of a number of the packets that violate the one or more 
rules, but only triggers the respective one of the plurality of user 
discernable indicators when the number of the packets that violate the one 
or more rules exceeds a pre-specified threshold. 

Moreover, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 21: 

wherein the data traffic includes a number of packets that violate the at 
least one of the rules of the first one of the plurality of classes, and 
wherein the method filters the packets that violate the at least one of the 
rules of the first one of the plurality of classes, irrespective of the number 
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of packets that violate the one or more rules, but only triggers the 
respective one of the plurality of user discernable indicators when the 
number of packets that violate the at least one of the rules of the first one 
of the plurality of classes exceeds a pre-specified threshold. 

Further, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 22: 

wherein the firewall program is executable by said controller to cause 
filtering of any of the packets that violate the one or more rules 
irrespective of a number of the packets that violate the one or more rules, 
but wherein the respective one of the plurality of user discernable 
indicators is triggered only when the number of packets that violate the 
one or more rules exceeds a pre-specified threshold. 

Also, it is respectfully asserted that none of the cited references, either 
taken singly or in any combination, teach or suggest the following limitations 
recited in new Claim 23: 

wherein each of the plurality of user discernable indicators except a 
particular one is associated with the respective different one of the 
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plurality of classes, the particular one of the plurality of user discernable 
indicators being associated with an affirmative status that filtering is being 
contemporaneously performed for any of the packets that violate the one 
or more rules, and wherein the method further comprises filtering any of 
the packets that violate the one or more rules, and wherein the particular 
one of the plurality of user discernable indicators is concurrently triggered, 
along with the respective one of the plurality of user discernable 
indicators, to indicate that the filtering is being contemporaneously 
performed, only when a number of the packets that violate the one or more 
rules exceeds a pre-specified threshold. 

Additionally, it is respectfully asserted that none of the cited references, either 
taken singly or in any combination, teach or suggest the following limitations recited in 
new Claim 24: 

wherein only the particular one of the plurality of user discernable 
indicators is triggered if the one or more of the rules is violated, the 
filtering is performed by the firewall program, and the number of the 
packets that violate the one or more rules does not exceed the pre- 
specified threshold. 
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Moreover, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 25: 

wherein only the respective one of the plurality of user discernable 
indicators is triggered if the one or more of the rules is violated, the 
filtering is performed by the firewall program, and the number of the 
packets that violate the one or more rules does not exceed the pre- 
specified threshold. 

Further, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 26: "wherein whether the respective one of the plurality of user discernable 
indicators is triggered or not is based on which of the plurality of priority levels is 
involved with respect to a corresponding rule violation." 

Also, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 27: 

wherein each of the plurality of user discernable indicators except 
a particular one is associated with the different one of the plurality of 
classes, and the method further comprises: 
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associating the particular one of the plurality of user discernable 
indicators with an affirmative status that filtering is being 
contemporaneously performed for any of the packets that violate at least 
one of the rules; and 

in the case of the rule of at least the first class being violated and a 
number of packets violating the rule of at least the first class exceeding a 
pre- specified threshold, providing a user discernable notification of the 
filtering being contemporaneously performed by triggering, concurrently 
with the triggering of the respective one of the plurality of user discernable 
indicators, the particular one of the plurality of user discernable indicators 
associated with the affirmative status that the filtering is being 
contemporaneously performed. 

Additionally, it is respectfully asserted that none of the cited references, either 
taken singly or in any combination, teach or suggest the following limitations recited in 
new Claim 28: 

wherein in the case of the rule of at least the first class being violated and 
the number of packets violating the rule of at least the first class not 
exceeding the pre- specified threshold, only providing the user discernable 
notification of the filtering without providing the user discernable 
notification of the violation. 
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Moreover, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 29: 

wherein in the case of the rule of at least the first class being violated and 
the number of packets violating the rule of at least the first class not 
exceeding the pre-specified threshold, only providing the user discernable 
notification of the violation without providing the user discernable 
notification of the filtering. 

Further, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 30: "wherein whether the respective one of the plurality of user discernable 
indicators is triggered or not is based on which of the plurality of priority levels is 
involved with respect to a corresponding rule violation." 

Further, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 31: 

wherein the firewall program is executable by said controller to cause 
filtering any of the packets that at least one of the rules, and wherein each 
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of the plurality of user discernable indicators other than a particular one is 
respectively associated with the different ones of the plurality of classes, 
the particular one of the plurality of user discernable indicators being 
associated with an affirmative status that filtering is being 
contemporaneously performed, and wherein the particular one of the 
plurality of user discernable indicators is triggered, concurrently with the 
triggering of the respective one of the plurality of user discernable 
indicators, if the one or more of the rules is violated, the filtering is 
performed by the firewall program, and a number of the packets that 
violate the one or more rules exceeds a pre-specified threshold. 

Also, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 32: 

wherein only the particular one of the plurality of user discernable 
indicators is triggered if the one or more of the rules is violated, the 
filtering is performed by the firewall program, and the number of the 
packets that violate the one or more rules does not exceed a pre-specified 
threshold. 
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Additionally, it is respectfully asserted that none of the cited references, either 
taken singly or in any combination, teach or suggest the following limitations recited in 
new Claim 33: 

wherein only the respective one of the plurality of user discernable 
indicators is triggered if the one or more of the rules is violated, the 
filtering is performed by the firewall program, and the number of the 
packets that violate the one or more rules does not exceed a pre- specified 
threshold. 

Moreover, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 34: "wherein whether the respective one of the plurality of user discernable 
indicators is triggered or not is based on which of the plurality of priority levels is 
involved with respect to a corresponding rule violation." 

Further, it is respectfully asserted that none of the cited references, either taken 
singly or in any combination, teach or suggest the following limitations recited in new 
Claim 35: "where each of the plurality of classes uses a different one of a plurality of 
thresholds with respect to how many violating ones of the packets must be detected 
before filtering is commenced, the plurality of thresholds being end-user settable." 

With respect to the limitations recited in new Claims 20-35, it is respectfully 
asserted that the cited references, taken singly or in any combination, do not teach or 
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suggest the same, and appear to be silent with respect to the above limitations of Claims 
20-35. 

In view of the foregoing, Applicants respectfully request that the rejection of the 
claims set forth in the Office Action of November 21, 2008 be withdrawn and that the 
pending claims be allowed. 
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The fee of $810 required by 37 C.F.R. §1. 17(e) for the filing of a Request for 
Continued Examination (RCE) under 37 C.F.R. §1.114, as well as the fee of $208 for 4 
claims in excess of 20, is authorized. It is believed that no further additional fees or 
charges are currently due. However, in the event that any additional fees or charges are 
required at this time in connection with the application, they are authorized and may be 
charged to applicants' Deposit Account No. 07-0832. 



Patent Operations 
Thomson Licensing Inc. 
P.O. Box 5312 
Princeton, NJ 08543-5312 

December 19, 2008 



Respectfully submitted, 



By: 



/Guy H. Eriksen/ 
Guy H. Eriksen, Attorney for Applicants 
Registration No.: 41,736 
(609) 734-6807 
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